The ssl_set_client_disabled function in t1_lib.c in OpenSSL 1.0.1 before 1.0.1i allows remote SSL servers to cause a denial of service (NULL pointer dereference and client application crash) via a ServerHello message that includes an SRP ciphersuite without the required negotiation of that ciphersuite with the client.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Openssl | Openssl | 1.0.1 (including) | 1.0.1 (including) |
| Openssl | Openssl | 1.0.1-beta1 (including) | 1.0.1-beta1 (including) |
| Openssl | Openssl | 1.0.1-beta2 (including) | 1.0.1-beta2 (including) |
| Openssl | Openssl | 1.0.1-beta3 (including) | 1.0.1-beta3 (including) |
| Openssl | Openssl | 1.0.1a (including) | 1.0.1a (including) |
| Openssl | Openssl | 1.0.1b (including) | 1.0.1b (including) |
| Openssl | Openssl | 1.0.1c (including) | 1.0.1c (including) |
| Openssl | Openssl | 1.0.1d (including) | 1.0.1d (including) |
| Openssl | Openssl | 1.0.1e (including) | 1.0.1e (including) |
| Openssl | Openssl | 1.0.1f (including) | 1.0.1f (including) |
| Openssl | Openssl | 1.0.1g (including) | 1.0.1g (including) |
| Openssl | Openssl | 1.0.1h (including) | 1.0.1h (including) |
| Openssl | Ubuntu | devel | * |
| Openssl | Ubuntu | precise | * |
| Openssl | Ubuntu | trusty | * |
| Openssl | Ubuntu | upstream | * |